3

I asked this on networkengineering.stackexchange.com and was flagged as offtoppic but was told to ask here...so here goes:

I am on a mac, when I run ip route show I get the following output:

ip route show
default via 192.168.178.1 dev en0 -- line 1
127.0.0.0/8 via 127.0.0.1 dev lo0  -- line 2
127.0.0.1/32 via 127.0.0.1 dev lo0  -- line 3
127.94.0.1/32 via 127.94.0.1 dev lo0  -- line 4
169.254.0.0/16 dev en0  scope link  -- line 5
192.168.178.0/24 dev en0  scope link  -- line 6
192.168.178.1/32 dev en0  scope link  -- line 7
192.168.178.150/32 dev en0  scope link  -- line 8
224.0.0.0/4 dev en0  scope link  -- line 9
255.255.255.255/32 dev en0  scope link -- line 10

And I am trying to understand what it means. I have some ideas but I am not totally sure if I am right, so I will outline my interpretation of some of the confusing line and would appreciate folks who are more knowledgeable can confirm if I am right or wrong. And if wrong what is the right interpretation.

default via 192.168.178.1 dev en0 -- line 1

This means If I want to go to a destination IP address (say 216.58.214.4), there is no entry in my routing table for this, hence my device will send the packet via 192.168.178.1 (which is the IP address of my home modem) using the interface en0.

A part of the above I am not clear about is this. Does this mean that the destination address on the packet will now be changed from 216.58.214.4 to 192.168.178.1? Or how does the destination and source address be updated in this scenario where a packet meant for 216.58.214.4 is sent out via interface eno with the aim of sending it via 192.168.178.1

127.94.0.1/32 via 127.94.0.1 dev lo0 -- line 4

I understand this to mean that any packet destined to the IP address 127.94.0.1/32 will be sent out from the lo0 interface which is the loop back interface, via 127.94.0.1.

Now I am not sure why I have an entry in my routing table for 127.94.0.1. I googled that IP and it looks it is related to OpenVPN which I once installed but do not use (I use Tunnleblick instead). Also why 127.94.0.1? for line 1 I could understand that 192.168.178.1 is the IP address of my modem, but not sure where 127.94.0.1 is from

169.254.0.0/16 dev en0 scope link -- line 5

I understand this to mean that any packet with destination IP address within the range 169.254.0.0/16 would have to be sent out via interface en0.

This is the first line that include scope link what exactly does that mean?

If I guess that scope link means on the same subnet, then I can't reconcile that with the range 169.254.0.0/16 because as far as I can tell, my local subnet is 192.168.178.0/24. Also I googled the IP address 169.254.0.0 it has to do with DHCP. I am not sure how to make sense of that information.

192.168.178.150/32 dev en0 scope link -- line 8 The IP address of the mac I am using is 192.168.178.150 I am not sure why that is also in the route output.

255.255.255.255/32 dev en0 scope link -- line 10

I am not sure what to make of this. I understand that 255.255.255.255 is the broadcast address. I thought the broadcast address of my setup would be 192.168.178.255/32.

So why 255.255.255.255 instead of 192.168.178.255. Also I noticed that all entries with scope link does not have the via <ip.address> part. Question is, what exactly does the via <ip.address> portion mean in terms of routing.

Finlay Weber
  • 133
  • 5
  • Even though Linux has had clones of BSD network tools for decades, this is the first time I've heard of macOS imitating the Linux `ip` tool... – u1686_grawity Sep 05 '20 at 20:23
  • @user1686 it is actually not native...its via some sort of wrapper: https://github.com/brona/iproute2mac – Finlay Weber Sep 05 '20 at 20:51

2 Answers2

4

default via 192.168.178.1 dev en0 -- line 1

This means If I want to go to a destination IP address (say 216.58.214.4), there is no entry in my routing table for this, hence my device will send the packet via 192.168.178.1 (which is the IP address of my home modem) using the interface en0.

Yes, but keep in mind that "default" is not a special entry – it's just a normal route with 0.0.0.0/0 as the destination. Having the shortest prefix-length (/0) in the entire table is what actually makes it the last-resort route.

Does this mean that the destination address on the packet will now be changed from 216.58.214.4 to 192.168.178.1? Or how does the destination and source address be updated in this scenario where a packet meant for 216.58.214.4 is sent out via interface eno with the aim of sending it via 192.168.178.1

The IP header will not be changed at all. Instead, the link-layer (Ethernet) header will be updated to deliver the frame to the gateway's MAC address. (This is why a gateway must itself be local – you cannot specify a gateway that's itself behind another gateway.)

Now I am not sure why I have an entry in my routing table for 127.94.0.1. I googled that IP and it looks it is related to OpenVPN which I once installed but do not use (I use Tunnleblick instead). Also why 127.94.0.1? for line 1 I could understand that 192.168.178.1 is the IP address of my modem, but not sure where 127.94.0.1 is from

Well, Tunnelblick is an OpenVPN client... But the IP addresses are decided by the individual VPN server, not by the software itself.

However, if the route is a /32 and if it points at lo (the loopback interface), then I would strongly guess that it's an IP address configured on your own machine. Check ifconfig.

If I guess that scope link means on the same subnet, then I can't reconcile that with the range 169.254.0.0/16 because as far as I can tell, my local subnet is 192.168.178.0/24. Also I googled the IP address 169.254.0.0 it has to do with DHCP. I am not sure how to make sense of that information.

The 169.254.0.0/16 range is used by the "zeroconf" system, allowing someone to just connect a bunch of computers together without a DHCP server in sight – they self-assign addresses from this range and can communicate.

(Apple was deeply involved with Zeroconf – automatic IP addresses, Bonjour/mDNS device discovery, etc. – because they wanted IP-based LANs to retain the same convenient functionality that AppleTalk LANs already had for a long time.)

So usually the OS is built to attempt regular DHCP at first, and if it doesn't receive any DHCP offers, it won't disable networking outright – it will set up an 169.254.x address as a fallback. And some operating systems just do both simultaneously, already having a 169.254.x address there while waiting for DHCP answer to arrive.

That aside, it is completely normal, although unusual, for multiple IP ranges (subnets) to share the same physical Ethernet. Normally they remain unaware of each other and communicate through a gateway, but adding such 'scope link' routes tells the hosts that it is possible to communicate directly.

I am not sure what to make of this. I understand that 255.255.255.255 is the broadcast address. I thought the broadcast address of my setup would be 192.168.178.255/32.

No – both are broadcast addresses, one is link-local broadcast and the other is subnet-directed broadcast.

The former always sends out a broadcast Ethernet frame to the same link you're connected to, no matter what your or the recipient's IP configuration is. (The IPv6 equivalent is ff02::1.)

The latter can be directed, i.e. sent remotely from another subnet – e.g. if a host at 192.168.55.66 sent a packet to 192.168.178.255, it would travel through routers as a normal unicast packet at first, and only after reaching the router attached to 192.168.178.0/24 it would be broadcast. (No direct IPv6 equivalent.)

Also I noticed that all entries with scope link does not have the via <ip.address> part. Question is, what exactly does the via <ip.address> portion mean in terms of routing.

They mean opposite things. By definition, an "on-link" destination can be reached without using a gateway, because it's on the same link. And if a route uses a gateway, that's usually because its destination is not on-link.

  • "scope link" means that the destination IP address can be directly resolved to a local MAC address (using ARP or similar protocols), and the packet can be delivered to the final destination at Ethernet layer.

  • "via <gateway.ip.addr>" specifies that the gateway's IP address needs to be resolved to a MAC address, and the packet must be delivered to the gateway at Ethernet layer.

If you use the BSD native tools such as netstat -rn you will often see the same column being used to display either a gateway address for remote routes or an interface for on-link routes.

u1686_grawity
  • 426,297
  • 64
  • 894
  • 966
0

The way you have written the question makes it difficult to reference, and this is only a partial answer - but here goes:

  1. default via means a catchall route. If no more specific route is found, this is the route used - in your case sending the packet to 192.168.178.1 - the address of another router your system knows how to reach. route tables do not change IP addresses - they just direct traffic to its next location. There is another (NAT) system which is not related to the routing table which handles NAT.

  2. Its unclear why you have a 127.94 address there, but as its associated with lo, its not associated with a tunnel or VPN. It may be some other program doing something weird to communicate between threads?

3.192.168.178.150/32. Note /32 is a single address. This indicates the machine should handle packets to its IP address differently to packets in the 192.168.1 subnet.

davidgo
  • 68,623
  • 13
  • 106
  • 163